Security News
With the National Security Agency recently issuing guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks techniques, it has many organizations and enterprise leaders wondering: What are the odds of a wildcard certificate being compromised and/or leading to serious consequences, and how can this prevented? Before IT leaders can truly respond to and mitigate wildcard certificate security risks - and manage wildcard certificates - it's essential to first understand what wildcard certificates are and why it's a common, flexible and helpful, but risky certificate.
In a document released last week, the agency provides mitigations against the risks that come with the use of wildcard certificates. A wildcard digital certificate can be used with multiple subdomains on the same domain, so it can cover multiple servers, while a multi-domain certificate is used for multiple domains on a single IP address.
Nearly two-thirds of enterprises are concerned about how much time is spent managing certificates. The typical enterprise says as many as 1,200 of the certificates are actually unmanaged, and 47% say they frequently discover so-called "Rogue" certificates.
Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme. Installing SSL certificates isn't difficult, but it's a process every Linux administrator will have to take on at some point in their career.
Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. Internet Information Services is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003.
Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority, otherwise, you're not really giving those users much assurance.
Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals. Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.
Paired with the required DMARC enforcement, VMCs are a critical step in a series of security measures that help strengthen email security, build trust in the inbox and help users associate the brand logo with the company they expect to communicate with. "With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently."
Google Cloud on Monday announced that its Certificate Authority Service is now generally available. The Google Cloud Certificate Authority Service, for which a public preview was announced in October 2020, is designed to help organizations "Simplify, automate, and customize the deployment, management, and security of private certificate authorities."